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DETAILED ACTION 
Response to Amendment 

1 . This action is in response to the amendment filed on April 27, 2005. 
Claims 1-24 were originally received for consideration. Per the received 
amendment, claims 1,3,4,7-9, 11-12, 15-21, and 24 are amended. Claims 1-24 
are currently being considered. 

Claim Rejections - 35 USC § 101 

35 U.S.C. 101 reads as follows: 

Whoever invents or discovers any new and useful process, machine, manufacture, or 
composition of matter, or any new and useful improvement thereof, may obtain a patent 
therefor, subject to the conditions and requirements of this title. 

2. Claims 1-8 and 17-24 are rejected under 35 U.S.C. 101 because the 
claimed invention is directed to non-statutory subject matter. 

3. Claims 1-3 are rejected under 35 U.S.C. 101 because the claims delineate 
a method that is not tangibly embodies on a computer-readable medium. 

4. Claims 4-8 are under 35 U.S.C. 101 because the claims delineate a 
method that is not tangibly embodies on a computer-readable medium. 

5. Claims 17-19 are rejected under 35 U.S.C. 101 because they are function 
descriptive material per se. Data structures not claimed as embodied on a 
computer-readable medium are descriptive material per se and are not statutory 
because they are not capable of causing a functional change in the computer. 
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6. Claims 20-24 are rejected under 35 U.S.C. 101 because they are 
functional descriptive material per se. Data structures not claimed as embodied 
on a computer-readable medium are descriptive material per se and are not 
statutory because they are not capable of causing a functional change in the 
computer. 

Claim Rejections - 35 USC § 102 

The following is a quotation of the appropriate paragraphs of 35 
U.S.C. 102 that form the basis for the rejections under this section made in this 
Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 
122(b), by another filed in the United States before the invention by the applicant for patent or 
(2) a patent granted on an application for patent by another filed in the United States before 
the invention by the applicant for patent, except that an international application filed under 
the treaty defined in section 351 (a) shall have the effects for purposes of this subsection of an 
application filed in the United States only if the international application designated the United 
States and was published under Article 21(2) of such treaty in the English language. 

7. Claims 1-24 are rejected under 35 U.S.C. 102(e) as being anticipated by 
Icken et al. (U.S. Patent No. 6,816,906). 

Regarding claim 1 , Icken discloses: 

A method for extending and grouping actions and permissions for 
authorization of a requesting user to access or use a requested protected system 
resource in a computer system, said method comprising the steps of: 
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providing an access control policy (column 2 lines 58-60) associated with 
said requested protected system resource, said access control policy containing 
a permission list of permitted identities (column 2 lines 20-35) for use of said 
protected system resource, and at least one action group tag and associated 
action indicators (column 4 lines 40-48); 

reusing a finite quantity of action indicators among a plurality of action 
group tags to control a number of unique permissions less than or equal to the 
product of the quantity of allowable action indicators and a quantity of allowable 
action group tags (column 4 lines 33-55) t wherein a group of users can be 
assigned the same group tag which determines the permissions that the group is 
allowed such as accessing authoring materials at different geographic locations; 

evaluating said permission list according to a specific permission definition 
associated with said action group tag, said permission definition providing a 
correlation between permissible actions and members of a set of action 
indicators (column 4 lines 33-55), wherein the attribute value (group tag) imparts 
specific types of authority to users; and 

granting authorization to perform actions on said requested protected 
system resource to said requesting user if said access control policy permission 
list includes an appropriate action indicator correlated to an action group tag 
(column 4 lines 33-59). 

Claim 2 is rejected as applied above in rejecting claim 1. Furthermore, Icken 
discloses: 
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The method as set forth in claim 1 further comprising providing in an 
access control policy permission list a plurality of action group tags, each action 
group tag having one or more associated action indicators, such that resultant 
granting of authorization to act on said requested protected object is completed if 
the requested action is allowed by any of the associated action indicators of any 
of the action groups (column 4 lines 33-59). 

Claim 3 is rejected as applied above in rejecting claim 2. Furthermore, Icken 
discloses: 

The method as set forth in claim 1, wherein said requested protected 
system resource comprises a computer file sent to a local computer from a 
remote computer over a computer network (column 4 lines 48-55). 

Regarding claim 4, Icken discloses: 

A method for managing permission indicators for computer system 
protected objects comprising the steps of: 

providing a plurality of permission indicator containers in an access control 
list (column 2 lines 20-35); 

associating a first set of permission indicators with a primary permission 
indicator container (column 4 lines 40-48); and 

associating one or more additional sets of permission indicators with 
additional permission indicator containers (column 4 lines 40-48), wherein said 
permission indicators are reused among said containers such that permission 



Application/Control Number: 09/903,704 Page 6 

Art Unit: 2131 

indicators may be categorized and grouped logically to control a number of 
unique permissions less than or equal to the product of a quantity of allowable 
action indicators and a quantity of allowable action group tags (column 4 lines 
33-55), wherein a group of users can be assigned the same group tag which 
determines the permissions that the group is allowed such as accessing 
authoring materials at different geographic locations. 

Claim 5 is rejected as applied above in rejecting claim 4. Furthermore, Icken 
discloses: 

The method as set forth in claim 4 wherein said step of providing a first set 
of permission indicators comprises providing at least one other (additional) 
permission indicator set having equivalent permission indicators to said first set 
such that permission indicators may be assigned unique permissive control 
according to a permission indicator container with which they are associated 
(column 4 lines 40-48). 

Claim 6 is rejected as applied above in rejecting claim 5. Furthermore, Icken 
discloses: 

The method as set forth in claim 5 wherein said step of providing an 
equivalent set of permission indicators comprises providing the characters "a" 
through "z" and "A" through "Z" as permission indicators (column 2 lines 23-44), 
wherein the Userid and the table of constants are interpreted as using letter of 
either case as indicators. 
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Claim 7 is rejected as applied above in rejecting claim 4. Furthermore, Icken 
discloses: 

The method as set forth in claim 4 further comprising associating an action 
group tag with a permission indicator container (column 4 lines 40-48). 

Claim 8 is rejected as applied above in rejecting claim 7. Furthermore, Icken 
discloses: 

The method as set forth in claim 7 further comprising the step of providing 
an action group tag with an associated list of permission indicators in an access 
control list entry (column 2 lines 20-35), 

Regarding claim 9, Icken discloses: 

A computer readable medium encoded with software or extending and 
grouping actions and permissions for authorization of a requesting user to access 
or use a requested protected system resource in a computer system, said 
software performing steps comprising: 

providing an access control policy (column 2 lines 58-60) associated with 
said requested protected system resource containing a permission list of 
permitted identities (column 2 lines 20-35) and at least one action group tag with 
associated action indicators (column 4 lines 40-48); 

reusing a finite quantity of action indicators among a plurality of action 
group tags to control a number of unique permissions less than or equal to the 
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product of the quantity of allowable action indicators and a quantity of allowable 
action group tags (column 4 lines 33-55), wherein a group of users can be 
assigned the same group tag which determines the permissions that the group is 
allowed such as accessing authoring materials at different geographic locations; 

evaluating said permission list according to a specific permission definition 
associated with said action group tag, said permission definition providing a 
correlation between members of a set of action indicators (column 4 lines 33-55), 
wherein the attribute value (group tag) imparts specific types of authority to 
users; and 

granting authorization to perform actions on said requested protected 
system resource to said requesting user if said access control policy permission 
list includes an appropriate action indicator correlated to an action group tag 
(column 4 lines 33-59). 

Claim 10 is rejected as applied above in rejecting claim 9. Furthermore, Icken 
discloses: 

The computer readable medium as set forth in claim 9 further comprising 
software for providing in an access control policy permission list a plurality of 
action group tags, each action group tag having one or more associated action 
indicators, such that resultant granting of authorization to act on said requested 
protected object is completed if the requested action is allowed by any of the 
associated action indicators of any of the action groups (column 4 lines 33-59). 
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Claim 1 1 is rejected as applied above in rejecting claim 9. Furthermore, Icken 
discloses: 

The computer readable medium as set forth in claim 9 wherein said 
requested protected system resource comprises a computer file sent to a local 
computer from a remote computer over a computer network (column 4 lines 48- 
55). 



Regarding claim 12, Icken discloses: 

A computer readable medium encoded with software for managing 
permission indicators for computer system protected objects, said software 
performing the steps of: 

providing a plurality of permission indicator containers in an access control 
list (column 2 lines 20-35); 

associating a first set of permission indicators with a primary permission 
indicator container (column 4 lines 40-48); and 

associating one or more additional sets of permission indicators with 
additional permission indicator containers (column 4 lines 40-48), wherein said 
permission indicators are reused among said containers such that permission 
indicators may be categorized and grouped logically to control a number of 
unique permissions less than or equal to the product of a quantity of allowable 
action indicators and a quantity of allowable action group tags (column 4 lines 
33-55), wherein a group of users can be assigned the same group tag which 
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determines the permissions that the group is allowed such as accessing 
authoring materials at different geographic locations. 

Claim 13 is rejected as applied above in rejecting claim 12. Furthermore, Icken 
discloses: 

The computer readable medium as set forth in claim 12 wherein said 
software for providing a first set of permission indicators comprises software for 
providing permission indicators which are equivalent to at least one other 
(additional) permission indicators such that permission indicators may be 
assigned unique permissive control according to a permission indicator container 
with which they are associated (column 4 lines 40-48). 

Claim 14 is rejected as applied above in rejecting claim 13. Furthermore, Icken 
discloses: 

The computer readable medium as set forth in claim 13 wherein said 
software for providing equivalent permission indicators comprises software for 
providing a set of permission indicators including the characters "a" through "z" 
and "A" through "Z" (column 2 lines 23-44), wherein the Userid and the table of 
constants are interpreted as using letter of either case as indicators. 

Claim 15 is rejected as applied above in rejecting claim 12. Furthermore, Icken 
discloses: 
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The computer readable medium as set forth in claim 12 further comprising 
software for associating an action group tag with a permission indicator container 
(column 4 lines 40-48). 

Claim 16 is rejected as applied above in rejecting claim 15. Furthermore, Icken 
discloses: 

The computer readable medium as set forth in claim 15 further comprising 
software for providing an action group tag with an associated list of permission 
indicators in an access control list entry (column 2 lines 20-35). 

Regarding claim 17, Icken discloses: 

An authorization system for extending and grouping actions and 
permissions for authorization of a requesting user to access or use a requested 
protected system resource in a computer system, said system comprising: 

an access control policy (column 2 lines 58-60) associated with said 
requested protected system resource, having a permission list of permitted 
identities (column 2 lines 20-35) and at least one action group tag with 
associated action indicators wherein a finite quantity of action indicators are 
reused among a plurality of action group tags to control a number of unique 
permissions less than or equal to the product of the quantity of allowable action 
indicators and a quantity of allowable action group tags (column 4 lines 33-55), 
wherein a group of users can be assigned the same group tag which determines 
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the permissions that the group is allowed such as accessing authoring materials 
at different geographic locations; 

a permission list evaluator for evaluating an access control policy 
permission list according to a specific permission definition associated with said 
action group tag, said permission definition providing a correlation between 
members of a set of action indicators (column 4 lines 33-55), wherein the 
attribute value (group tag) imparts specific types of authority to users; and 

an authorization grantor adapted to grant authorization to perform actions 
on said requested protected system resource to said requesting user if said 
access control policy permission list includes an appropriate action indicator 
correlated to an action group tag (column 4 lines 33-59). 

Claim 18 is rejected as applied above in rejecting claim 17. Furthermore, Icken 
discloses: 

The system as set forth in claim 17 further wherein said access control 
policy permission list comprises a plurality of action group tags, each action 
group tag having one or more associated action indicators, such that resultant 
granting of authorization to act on said requested protected object is completed if 
the requested action is allowed by any of the associated action indicators of any 
of the action groups (column 4 lines 33-59). 

Claim 19 is rejected as applied above in rejecting claim 17. Furthermore, Icken 
discloses: 
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The system as set forth in Claim 17 wherein the requested protected 
system resource comprises a computer file sent to a local computer from a 
remote computer over a computer network (column 4 lines 48-55). 

Regarding claim 20, Icken discloses: 

A system for managing permission indicators for computer system 
protected objects comprising: 

a plurality of permission indicator containers for an access control list 
(column 2 lines 20-35); 

a first set of permission indicators associated with a primary permission 
indicator container (column 4 lines 40-48); and 

one or more additional sets of permission indicators (column 4 lines 40- 
48) associated with additional permission indicator containers, wherein such 
permission indicators are reused among said containers such that permission 
indicators are categorized and grouped logically to control a number of unique 
permissions less than or equal to the product of a quantity of allowable action 
indicators and a quantity of allowable action group tags (column 4 lines 33-55), 
wherein a group of users can be assigned the same group tag which determines 
the permissions that the group is allowed such as accessing authoring materials 
at different geographic locations. 

Claim 21 is rejected as applied above in rejecting claim 20. Furthermore, Icken 
discloses: 
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The system as set forth in claim 20 wherein said a first set of permission 
indicators and at least one other (additional) permission indicator set are 
equivalent permission indicators such that permission indicators are assigned 
unique permissive control according to the permission indicator container with 
which they are associated (column 4 lines 40-48). 

Claim 22 is rejected as applied above in rejecting claim 21 . Furthermore, Icken 
discloses: 

The system as set forth in claim 21 wherein said equivalent set of 
permission indicators comprises the characters "a" through "z" and "A" through 
"Z" (column 2 lines 23-44), wherein the Userid and the table of constants are 
interpreted as using letter of either case as indicators. 

Claim 23 is rejected as applied above in rejecting claim 20. Furthermore, Icken 
discloses: 

The system as set forth in claim 20 further comprising an action group tag 
associated with a permission indicator container (column 4 lines 40-48). 

Claim 24 is rejected as applied above in rejecting claim 23. Furthermore, Icken 
discloses: 

The system as set forth in claim 23 further comprising an action group tag 
associated with a list of permission indicators in an access control list entry 
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(column 2 lines 20-35). 



Conclusion 



Any inquiry concerning this communication or earlier communications from 
the examiner should be directed to Kaveh Abrishamkar whose telephone number 
is 571-272-3786. The examiner can normally be reached on Monday thru Friday 
8-5. 

If attempts to reach the examiner by telephone are unsuccessful, the 
examiner's supervisor, Ayaz Sheikh can be reached on 571-272-3795. The fax 
phone number for the organization where this application or proceeding is 
assigned is 703-872-9306. 

Information regarding the status of an application may be obtained from 
the Patent Application Information Retrieval (PAIR) system. Status information 
for published applications may be obtained from either Private PAIR or Public 
PAIR. Status information for unpublished applications is available through 
Private PAIR only. For more information about the PAIR system, see http://pair- 
direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll- 
free). 
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